Passing The Email Privacy Act Has Never Been More Urgent

02/07/2017 02:55 pm ET | Updated Feb 08, 2017

By Andy Greenberg for WIRED.

Jeff Sessions arrives at the U.S. Capitol on Friday, January 20, 2017, in Washington, for the inauguration ceremony of Donald J. Trump.

It’s safe to say that any digital privacy bill written more than three years before the invention of the World Wide Web is probably due for an overhaul. But the Electronic Communications Privacy Act has persisted intact for more than three decades, including its anachronistic loophole that allows the warrantless collection of emails from US citizens. Now, in its second attempt in two years, Congress is poised to reform the most outdated elements of ECPA. With Trump’s incoming Justice Department, that reform seems more urgent than ever.

On Monday evening, the House of Representatives unanimously passed the Email Privacy Act, a bill that would reform ECPA were it to become law. In particular, it would newly require government agencies to obtain a warrant before seizing a criminal suspect’s online communications that are more than 180 days old. Under the ECPA’s existing logic, those older communications are considered abandoned, and thus not subject to a reasonable expectation of privacy.

Think, though, of how many emails currently in your inbox are from six months ago or more. The ECPA applies to cloud technologies as well, making Dropbox files from as recently as last summer easily accessible to the feds. In an era where companies like Gmail and Yahoo store our emails for years, that law is long past due for an update. It’s so patently archaic, in fact, that Obama’s Justice Department had committed to avoiding the law’s loophole, seeking warrants before accessing those older emails anyway.

But now that President Trump has appointed surveillance hawk Senator Jeff Sessions to lead the Justice Department, privacy advocates are arguing that finally passing ECPA reform has taken on new importance.

“Given Trump’s nominees…the stakes for privacy have never been higher,” says Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute. “It’s crucial Congress act on ECPA reform so that Americans can feel safe in their 4th amendment rights.”

ECPA reform passed the House unanimously last year as well. But when the bill came to the Senate, Sessions and fellow Republican Senator John Cornyn added controversial surveillance-friendly amendments to the bill that caused it to falter and expire. Sessions wanted to grant law enforcement the ability to demand data from internet firms without a warrant in ill-defined “emergency” cases, despite the fact that many companies already do voluntarily hand over personal data in emergency situations. Even a retired Washington, DC homicide detective of 27 years called that amendment “unwise and unsafe.”

Cornyn, meanwhile, attempted to expand the power of the FBI’s national security letters, which can be secretly used to demand private information from internet firms. That expansion would have allowed national security letters to be used without warrants to grab metadata, like a target’s browsing history and IP addresses. Dozens of civil liberties groups and tech firms including Google and Yahoo signed a letter opposing the amendment, but it ultimately delayed the bill too long to reach a vote before the end of the Congressional session.

With the bill’s reintroduction, Sessions’ eventual move to the Justice Department might help clear the way for the bill to pass the Senate without those poison-pill additions. Considering that same move puts a vocal surveillance advocate in charge of the ECPA’s implementation, activists argue that updated safeguards are also more needed than ever.

“We shouldn’t be reliant on a particular administration policy to ensure that Americans’ fourth amendment rights are protected,” says Neema Singh-Giuliani, an attorney with the ACLU. “The public wants to know that their information is protected whether the president is Donald Trump or anyone else.”

In fact, the question of the privacy of stored communications has already been decided in the courts: In the 2008 case of Warshak v. USA, a sixth district appellate court found that seizing the older stored emails of a criminal suspect without a warrant violated his fourth amendment right to protection from unconstitutional searches. But that case hasn’t been tested nationwide, and the passage of the Email Privacy Act would seal its result in law rather than depend on Trump’s Justice Department not to fight it in court.

Despite flying through the House tonight, with Sessions not yet confirmed as Attorney General and Cornyn still in office, the Senate prognosis remains less certain. “I hope they’ve abandoned their their tactics of trying to create a surveillance bill out of a privacy bill,” says OTI’s Greene. “It’s critically important to recognize this is something both members of Congress and the American public are demanding.”

More from WIRED:

CONVERSATIONS